Prevent Users From Syncing Personal OneDrive Accounts using Intune Policy

Let’s learn How to Prevent Users From Syncing Personal OneDrive Accounts using Intune Policy. The present discourse aims to elucidate the process of blocking the end user from Syncing Personal OneDrive Accounts using the Intune Settings catalogue.

I recently saw a request posted in the Microsoft community forum asking for help to create an Intune policy to prevent users from syncing personal OneDrive accounts. I promptly tested the policy in my Intune lab and documented my findings for the benefit of the community.

It is highly likely that a considerable number of my readers utilize OneDrive as a means of preserving pertinent information via their corporate accounts. Some of you may also be syncing your personal OneDrive accounts on your corporate laptop. It is possible that you may receive a request from management or customers to prevent end users from syncing their personal OneDrive accounts

The OneDrive app comes pre-installed on every Windows 11 computer. However, you can get it for free if you don’t have it installed. If you don’t already have a OneDrive account, you can create one for free and get 5GB of storage space. Alternatively, you can subscribe to Microsoft 365 for additional storage.

Patch My PC

Reason Behind Preventing Users From Syncing Personal OneDrive Accounts

For several reasons, organizations may want to prevent users from syncing personal OneDrive accounts. Personal OneDrive accounts may not be covered under a company’s licensing agreement, which could lead to additional costs and licensing violations.

Many individuals may have inadvertently synchronized their personal OneDrive accounts on their corporate laptops. We kindly remind you that such an activity poses a security risk to the organization’s confidential data. We recommend that you refrain from syncing personal accounts on your corporate laptop to ensure data integrity and security. We urge you to use the designated OneDrive account provided by the organization to store and share confidential documents.

Adaptiva
Prevent Users From Syncing Personal OneDrive Accounts Using Intune Policy. Fig. 1
Prevent Users From Syncing Personal OneDrive Accounts using Intune Policy. Fig. 1

Certain industries or organizations may have strict regulatory requirements around data storage and sharing, and allowing personal OneDrive accounts to sync with corporate data could violate these regulations. By restricting personal OneDrive accounts, organizations can maintain greater control over their data and ensure that it is stored and shared in accordance with company policies.

Block Syncing Personal OneDrive Accounts using the Intune Settings Catalogue.

We have previously discussed the importance of preventing users from syncing their personal OneDrive accounts. In order to implement this measure, let us proceed to the Intune portal. Here, we shall delve deeper into the implementation process and learn how to execute this feature effectively. Let’s start..!!

You will open a new window when you click Create Policy. Select Windows 10 and later in Platform, Select Profile Type as Settings Catalog and click on Create

PlatformProfile Type
Windows 10 and laterSettings Catalog
Prevent Users From Syncing Personal OneDrive Accounts Using Intune Policy. Table.1
Prevent Users From Syncing Personal OneDrive Accounts using Intune Policy 1
Prevent Users From Syncing Personal OneDrive Accounts Using Intune Policy. Fig.2

Navigate to the Basics tab and input the Name and Description for the profile. Click Next to go further.

Prevent Users From Syncing Personal OneDrive Accounts using Intune Policy 2
Prevent Users From Syncing Personal OneDrive Accounts Using Intune Policy. Fig.3

In the Configuration Settings section, under Settings Catalog, click Add Settings

Prevent Users From Syncing Personal OneDrive Accounts using Intune Policy 3
Prevent Users From Syncing Personal OneDrive Accounts Using Intune Policy. Fig.4
NOTE! Microsoft discovered that administrators may experience performance degradation when they add more than 400 settings to a single policy. However, Microsoft is working on making improvements to address this issue.

When you click on Add Settings, you will get a Settings picker tab, as in bellow screenshot below. Search for Onedrive in the search bar. Select Prevent users from syncing personal OneDrive accounts (User).

This setting lets you block users from signing in with a Microsoft account to sync their personal OneDrive files. If you enable this setting, users will be prevented from setting up a sync relationship for their personal OneDrive account.

Users who are already syncing their personal OneDrive when you enable this setting won’t be able to continue syncing (and will be shown a message that syncing has stopped), but any files synced to the computer will remain on the computer. If you disable or do not configure this setting, users can sync their personal OneDrive accounts.

Prevent Users From Syncing Personal OneDrive Accounts using Intune Policy 4
Prevent Users From Syncing Personal OneDrive Accounts Using Intune Policy. Fig.5

You should enable this setting to Prevent users from syncing personal OneDrive accounts. Click Next to go further.

Prevent Users From Syncing Personal OneDrive Accounts using Intune Policy 5
Prevent Users From Syncing Personal OneDrive Accounts Using Intune Policy. Fig.6

Click Next to display the Scope tags page. Add the Scope tags if you wish and click Next to assign the policy to computers. I will deploy it to the HTMD – Test Computers Group.

Prevent Users From Syncing Personal OneDrive Accounts using Intune Policy 6
Prevent Users From Syncing Personal OneDrive Accounts Using Intune Policy. Fig.7

On the Review + Create page, carefully review all the settings you’ve defined to Prevent Users From Syncing Personal OneDrive Accounts. Once you’ve confirmed that everything is correct, select Create to implement the changes.

Prevent Users From Syncing Personal OneDrive Accounts using Intune Policy 7
Prevent Users From Syncing Personal OneDrive Accounts Using Intune Policy. Fig.8

Monitor the Configuration Profile Deployment in Microsoft Intune

The configuration profile is deployed to Azure AD groups. Let’s see how we can monitor the deployment and status of installation from the Intune portal. To monitor the Intune policy assignment, follow these steps

  • Navigate to the list of Configuration Profiles and select the policy you targeted.
  • If you click “View Report,” you can see additional details.

In the screenshot below, the System account check-in-status is showing as Not applicable because the Prevent users from syncing personal OneDrive accounts policy is a user-based setting.

Prevent Users From Syncing Personal OneDrive Accounts using Intune Policy 8
Prevent Users From Syncing Personal OneDrive Accounts Using Intune Policy. Fig.9

End-User Experience after Blocking the Syncing Personal OneDrive Accounts

Let’s verify if the policy is applied to devices and what happens when users try to add or sync personal onedrive accounts. In this example, I’m trying to add my personal onedrive account to my test machine.

Prevent Users From Syncing Personal OneDrive Accounts using Intune Policy 9
Prevent Users From Syncing Personal OneDrive Accounts Using Intune Policy. Fig.10

I received an error message stating Your organization doesn’t allow you to sync your personal Onedrive on this computer when I tried to add my personal Onedrive account. Users who are already syncing their personal OneDrive when you enable this setting won’t be able to continue syncing (and will be shown a message that syncing has stopped), but any files synced to the computer will remain on the computer.

Thank you for your patience in reading this post. See you in the next post. Keep supporting the HTMD Community.

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here – HTMD WhatsApp.

Author

About Author – Sujin Nelladath has over 10 years of experience in device management technologies and Automation solutions. He writes and shares his experiences related to Microsoft device management technologies, Azure, and PowerShell automation.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.